<?php

/* Copyright (c) 2007 Alec Henriksen
 * phpns is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public Licence (GPL) as published by the Free
 * Software Foundation; either version 2 of the Licence, or (at your option) any
 * later version.
 * Please see the GPL at http://www.gnu.org/copyleft/gpl.html for a complete
 * understanding of what this license means and how to abide by it.
*/




/*
SITE WIDE FUNCTIONS
The following functions are used for mice
##############################################
##############################################
*/
	function general_query($query,$array=FALSE) { //for simple/misc queries
		
				if ($clean == TRUE) {
					$query = clean_data($query); //clean
				}
				
			$res = mysql_query($query) or die(mysql_error());
			//return value or not?
				if ($array == TRUE) { //if we want a value
					$value = mysql_fetch_array($res);
					return $value;
				} else {
					return $res;
				}
		}
	function content_num($table,$type,$ext) {
		global $databaseinfo; //for table prefix
		if ($type == 1) {
			$stat_sql = 'SELECT * FROM '.$databaseinfo['prefix'].''.$table.'';
				if ($ext == 1) { $stat_sql = "$stat_sql WHERE active=0"; } //add selector for unactive stories
				if ($ext == 2) { $stat_sql = "$stat_sql WHERE approved=0"; } //add selector for approved stories
			$stat_res = mysql_query($stat_sql);
			$final = mysql_num_rows($stat_res);
		}
		return $final;
	}

	function load_items($table,$start,$limit,$sort,$v) {
		//determine viewable items
		if ($v == "unactive") {
			$v = "WHERE active=0 ";
		} elseif ($v == "active") {
			$v = "WHERE active=1 ";
		} elseif (is_numeric($v)  || $v == 'all') {
			$v = 'WHERE article_cat="'.$v.'"';
		} elseif ($v == "unapproved") {
			$v = "WHERE approved=0 ";
		} elseif ($v != "") {
			$v = "WHERE article_author='".$v."'";
		}
		//determine sorting ASC and DESC, and column to sort. Syntax: $sort = column|(desc,asc);
		if ($sort) {
			$sort = split("/",$sort);
		} else { //else default sorting/column
			$sort[0] = 'timestamp';
			$sort[1] = 'desc';
		}
		$load_sql = "SELECT * FROM $table 
		".$v."
		ORDER BY ".$sort[0]." ".$sort[1]." 
		LIMIT $start, $limit";
		$load_res = mysql_query($load_sql) or die(mysql_error());
		
		if (mysql_num_rows($load_res) == 0) {
			$table_rows = '<td colspan="6">No returned results...</td>';
		}
		//return
		return $load_res;		
	}
	
	function search($search) { //search function. $search = array(); ['category'] and ['query']
		global $page_start;
		global $items_per_page;
		//if all categories or just a certain category
		if ($search['category'] == "all") {
			$category_s = "";
		} else {
			$category_s = "article_cat=".$search['category']." AND (";
			$category_s_e = ')';
		}
		//form the actual query
		$searchsql = "
		SELECT * FROM articles
		WHERE $category_s article_title LIKE '%".$search['query']."%'
		OR article_text LIKE '%".$search['query']."%'
		OR article_exptext LIKE '%".$search['query']."%' ".$category_s_e."
		ORDER BY id DESC
		LIMIT $page_start, $items_per_page";
			
			$searchres = mysql_query($searchsql) or die(mysql_error());
			
		return $searchres;
	}
	
	function load_config($name) { //for loading single values from db
		$name = clean_data($name);
		$sql = "SELECT * FROM gconfig WHERE name='$name'";
		$data = mysql_fetch_array(mysql_query($sql));
		
		return $data;
	}
	function change_config($name,$value) { //for loading single values from db
		$name = clean_data($name);
		$value = clean_data($value);
			//if we need to use v3 instead of v1
			if ($name == "timestamp_format" || $name == "def_comlimit" || $name == "def_rsslimit" || $name == "def_rsstitle" || $name == "def_rssdesc" || $name == "global_message") {
				$sql = "UPDATE gconfig SET v3='".$value."' WHERE name='".$name."'";
			} else {
				$sql = "UPDATE gconfig SET v1='".$value."' WHERE name='".$name."'";
			}
		$data = mysql_query($sql) or die(mysql_error());
		return $data;
	}
	
	function delete($table,$items) {
		$sql = "DELETE FROM ".$table." WHERE id IN (".$items.")"; //delete all records where the id is in the list
		$res = mysql_query($sql) or die(mysql_error()); //execute
		return $res;
	}

	function decode_data($data) {
		if (is_array($data)) {
			foreach ($data as $key => $value) {
				$data[$key] = htmlspecialchars_decode($value);
			}
		} else {
			$data = htmlspecialchars_decode($data);
		}
		return $data;
	}
	
	function fetch_template() { //figure out default template, or use a user defined one.
			if (!$template) {  //if template is not defined by pre-var include... get default
				global $default_template;
				
				$sql = "SELECT * FROM templates WHERE template_selected='1' LIMIT 1";
				//after cleaning data, request
				$res = mysql_fetch_array(mysql_query($sql));
					//update default_template var
					$default_template = $res['id'];
				return $res; //return default template (changeable in preferences)
			} else {
				$sql = "SELECT * FROM templates WHERE id=".$template." LIMIT 1";
				$res = mysql_fetch_array($sql);
				return $res;
			}
		}
		
	function translate_item($item,$template,$type) {
			global $id;
			/* 
			HTML_ARTICLE:
				{title} = article title
				{subtitle} = subtitle
				{date} = timestamp/date
				{main_article} = main article
				{full_story} = full story
				{author} = author
				{article_href} = the link to the article, but the actual href value
				{reddit} = reddit social networking link
				{digg} = digg social networking link
				{del.icio.us} = del.icio.us social networking link
			HTML_COMMENT
				{author} = comment author
				{website} = website
				{comment} = comment
				{date} = comment date
				{ip} = comment ip address
			HTML_FORM:
				{action} = value that goes inside the <form>
				{hidden_data} = required value somewhere inside the <form>
				
			*/
			global $timestamp_format;
			$template = decode_data($template);
			if ($type == "html_article") { //if we are working with the html_article
					//change back from htmlspecialchars to htmlspecialchars_decode
					$item = decode_data($item);
				$item['timestamp'] = date($timestamp_format['v3'], $item['timestamp']);
				$template = str_replace('{title}', $item['article_title'], $template);
				$template = str_replace('{subtitle}', $item['article_subtitle'], $template);
				$template = str_replace('{main_article}', $item['article_text'], $template);
				if ($id) { $template = str_replace('{full_story}', $item['article_exptext'], $template); } else { $template = str_replace('{full_story}', '', $template); }
				$template = str_replace('{date}', $item['timestamp'], $template);
				$template = str_replace('{author}', $item['article_author'], $template);
				
				//construct href for a
				$template = str_replace('{article_href}', '?'.$item['id'], $template);
				
				//reddit, digg, del.icio.us buttons
				$template = str_replace('{reddit}', '<a href="http://reddit.com/submit?url='.$item['id'].'"><img src="http://sp.reddit.com/reddithead4.gif" style="border: 0;" /></a>', $template);
				$template = str_replace('{digg}', '<a href="http://digg.com/submit?phase=2&url=URL&title='.$item['article_title'].'"><img src="http://digg.com/img/badges/16x16-digg-guy.gif" style="border: 0;" /></a>', $template);
				$template = str_replace('{del.icio.us}', '<a href="http://del.icio.us/post?v=4&noui&jump=close&tags=TITLE&url=URL&title=TITLE"><img src="http://images.del.icio.us/static/img/delicious.42px.gif" style="border: 0; width: 16px" /></a>', $template);
					//comment numeric representations
					$comment_num = db_fetch('SELECT COUNT(*) FROM comments WHERE article_id='.$item['id'].'',1,FALSE);
					$template = str_replace('{comment_count}', $comment_num[0], $template);
				return $template;	
			} elseif ($type == "html_comment") {
				$item['timestamp'] = date($timestamp_format['v3'], $item['timestamp']);
				$item['comment_text'] = nl2br($item['comment_text']);
				$template = str_replace('{author}', $item['comment_author'], $template);
				$template = str_replace('{timestamp}', $item['timestamp'], $template);
				$template = str_replace('{comment}', $item['comment_text'], $template);
				$template = str_replace('{website}', $item['website'], $template);
				$template = str_replace('{ip}', $item['ip'], $template);
				return $template;
				
				
			} elseif ($type == "html_form") {
				//start translation for the html comment form
				$template = str_replace('{action}', '?'.$id.'', $template);
				$template = str_replace('{hidden_data}', '<input type="hidden" name="id" value="'.$id.'" />', $template);
				return $template;
			}
			
			
		}

/*
NEWS MANAGEMENT FUNCTIONS
The following functions are used for news management globally for phpns.
##############################################
##############################################
*/

	function gen_categories($format,$display) {
		global $data;
		$row_bg = '#ffffff';
		$cat_sql = "SELECT * FROM categories WHERE cat_parent=''"; //select categories
		$cat_res = mysql_query($cat_sql) or die(mysql_error());
		while ($cat_row = mysql_fetch_assoc($cat_res)) {
			if ($format == "option") {
				//make the current category selected
				if ($data['article_cat'] == $cat_row['id']) {
					$cat_list = $cat_list.
					'<option selected="selected" value="'.$cat_row['id'].'">'.$cat_row['cat_name'].'</option>';
				} else {
					$cat_list = $cat_list.
					'<option value="'.$cat_row['id'].'">'.$cat_row['cat_name'].'</option>';
				}
					if ($display != 'top') {
						//while we get each "top" level categories (without a parent, get the subcategories, and list them BELOW each main cat.
						$cat_sqlsub = "SELECT * FROM categories WHERE cat_parent=".$cat_row['id']."";
						$cat_sqlres = mysql_query($cat_sqlsub) or die(mysql_error());
						while ($catsub_row = mysql_fetch_assoc($cat_sqlres)) {
							if ($data['article_cat'] == $catsub_row['id']) { //if subcat selected
							$cat_list = $cat_list.'
							 <option value="'.$catsub_row['id'].'" selected="selected">&nbsp;&nbsp;&nbsp;&nbsp;--'.$catsub_row['cat_name'].'</option>';
							 } else { //else not selected
							 	$cat_list = $cat_list.'
								<option value="'.$catsub_row['id'].'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'.$catsub_row['cat_name'].'</option>';
							 }
						}
					}
				
			} elseif ($format = "row") {
				$row_bg = ($row_bg == '#ffffff') ? '#F5F5F5' : '#ffffff';
				$cat_row['timestamp'] = date("D M d, Y",$cat_row['timestamp']);
				$cat_list = $cat_list.
				'<tr bgcolor="'.$row_bg.'"><td><a href="preferences.php?do=categories&action=edit&id='.$cat_row['id'].'"><strong>'.$cat_row['cat_name'].'</strong></a></td><td><strong>'.$cat_row['cat_parent'].'</strong></td><td>'.$cat_row['cat_desc'].'</td><td>'.$cat_row['timestamp'].'</td><td><input type="checkbox" value="'.$cat_row['id'].'" name="'.$cat_row['id'].'" /></tr>
				';
				$cat_sqlsub = "SELECT * FROM categories WHERE cat_parent=".$cat_row['id']."";
				$cat_sqlres = mysql_query($cat_sqlsub) or die(mysql_error());
						while ($catsub_row = mysql_fetch_assoc($cat_sqlres)) {
							$catsub_row['timestamp'] = date("D M d, Y",$catsub_row['timestamp']);
							$cat_list = $cat_list.
				'<tr bgcolor="#ccc" ><td bgcolor="#999999"><em> - '.$catsub_row['cat_name'].'</em></td><td>This is a sub-category.</td> <td> '.$catsub_row['cat_desc'].'</td><td>'.$catsub_row['timestamp'].'</td><td><input type="checkbox" value="'.$cat_row['id'].'" name="'.$cat_row['id'].'" /></tr>
				';
						}
			}
		} //end while
		return $cat_list;
	}
	
	function article_form() {
		global $data;
		global $error_message;
		global $globalvars;
		global $do;
		global $news_id;
		$data['cat_list'] = gen_categories('option','');
		//define form HTML display for new items.
			if (!$do || $do == "p" || $do == "preview") {
				$action = '?&do=p';
			} else {
				$action = '?id='.$data['id'].'&do=editp';
			}
			if ($do == "edit") {
				$hidden_f = '<input type="hidden" id="id" name="id" value="'.$news_id.'" />';
				if ($data['approved'] == 0 && $globalvars['rank'][12] == 1) {
					$needs_to_be_approved = '<button class="activate" OnClick="window.location = \'?do=activate&id='.$data['id'].'\';"><strong>Click here to approve this article</strong></button>';
				}
				$comment_b = '<div>'.$needs_to_be_approved.' <button class="activate" OnClick="window.location = \'?do=comments&id='.$data['id'].'\';"><strong>View commens for this item</strong></button></div>';
			}
			
		//define warning if you need approval
		if ($globalvars['rank'][10] == 2) {
			$rank_message = '<div class="warning">You have permission to create new articles, however, you need approval before it actually becomes publically viewable.</div>';
		}
		
		$form_display = '		
			'.$comment_b.'
			'.$rank_message.
		'<h3>Article form</h3>
		<div class="form">
				'.$error_message.'
				<form id="articleform" method="post" action="'.$action.'" onsubmit="return validate_form(this)">
					<label for="title">Article title</label><input type="text" id="title" name="article_title" value="'.$data['article_title'].'" /><br />
					<label for="subtitle">Sub-title *</label><input type="text" id="subtitle" name="article_subtitle" value="'.$data['article_subtitle'].'"  /><br />
					<label for="category">Category</label>
					<select name="article_cat" id="category">
						<option value="all">All categories</option>
						<optgroup label="Categories">
						'.$data['cat_list'].'
						</optgroup>
					</select> (<a href="preferences.php?do=categories" onClick="return confirm(\'Are you sure you want to leave this page, to edit categories?\\n\\nYou will loose all progress on your article.\');">edit categories</a>)<br />
					<label for="main">Main article <a href="javascript:togglewysiwyg(\'main\');">wysiwyg on/off</a><br /><a href="javascript:expandwysiwyg(\'main\');">expand editor</a></label><textarea name="article_text" id="main">'.$data['article_text'].'</textarea><br />
					<h4>Full Story (<a href="javascript:expand(\'advanced\');">expand/collapse</a>)</h4>	
					<div id="advanced" class="advanced" style="display: none;">
						<label for="full">Full article * <a href="javascript:togglewysiwyg(\'full\');">wysiwyg on/off</a><br /><a href="javascript:expandwysiwyg(\'full\');">expand editor</a></label><textarea name="article_exptext" id="full">'.$data['article_exptext'].'</textarea><br />
					</div>
					
					<h4>Image options (<a href="javascript:expand(\'image_options\');">expand/collapse</a>)</h4>	
					<div id="image_options" class="advanced" style="display: none;">
						<label for="imgupload">Article image</label><input type="file" name="image" id="image" /><br />
						<p>There are no restrictions for the image in regards to format/size/resolution.</p>
					</div>
					
					<h4>Additional Options (<a href="javascript:expand(\'add_options\');">expand/collapse</a>)</h4>
					<div id="add_options" class="advanced" style="display: none;">
												<label for="start">Start date *</label><input type="text" name="start_date" id="start"  value="'.$data['start_date'].'" /> (mm/dd/yyyy) <em>(time on server: '.date('m/d/Y').')</em><br />
						<label for="end">End date *</label><input type="text" name="end_date" id="end" value="'.$data['end_date'].'" /> (mm/dd/yyyy)<br />
						<label for="comments" class="nofloat"><input type="checkbox" value="0" name="acchecked" id="comments"'.$data['acchecked_check'].' /> Disable comments</label><br /><br />
						<label for="active" class="nofloat"><input type="checkbox" value="0" name="achecked" id="active"'.$data['achecked_check'].' /> Save as draft (unactive)</label><br />
					</div>
					'.$hidden_f.'
					<div class="alignr">
						<input type="submit" id="submit" name="submit" value="Save article" />
						<input type="submit" id="preview" name="preview" value="Preview article" />
					</div>
				</form>

		</div>';
		
		return $form_display;
	}
	
	function manage_form() {
		//global all the vars we need.
		global $table_rows;
		global $prev_page;
		global $next_page;
		global $globalvars;
		global $search;
		global $do;
		global $sort;
		global $search;
		//generate categories as an option list (<option>...</option)
		$category_list = gen_categories('option','')
		;
		if ($globalvars['page_name'] == "search") { //things to do if we're searching 
			$s_value = $search['query']; //get the query
			$s_cat = gen_cat_name($search['category']); //turn cat number into human readable label
			$a_js = '&q='.$search['query'].'&c='.$search['category'].'&do=search'; //to put in URL if we're searching
			//determine selected category
			$cat_selected = '<optgroup label="Selected:">
							<option selected="selected" value="'.$search['category'].'">'.$s_cat.'</option>
						</optgroup>';
			
		} else {
			$s_value = "click here to start the search..."; //default
			$script = ' onfocus="if
	(this.value==this.defaultValue) this.value=\'\';"'; //enable click/delete script
		}
		
		if (!$sort) { //if no sorting option exists.
			$sort = 'timestamp/desc';
		}
		
		if ($sort) {
			//decide what to inverse
			$sort = split("/",$sort);
			$sort[1] = ($sort[1] == "desc") ? 'asc' : 'desc';
			$sort = $sort[1];
		}
		
		$form = '
		
		<form action="manage.php?do=search" method="post">
			<div class="form">
				<h4>Search (<a href="javascript:expand(\'search\');">expand/collapse</a>)</h4>
				<div class="advanced" id="search" style="display: none">
					<input type="text" id="search" name="query" value="'.$s_value.'" class="searchbox"'.$script.' />
					<select name="category" class="searchelements" id="category" name="category">
						<option value="all">All Categories</option>
							'.$cat_selected.'
						<optgroup label="Categories">
							'.$category_list.'
						</optgroup>
					</select>
					<input type="submit" class="searchbutton" value="Search!" />
				</div>
			</div>
		</form>
		
		<h3>Article list</h3>
		<form action="manage.php" method="get" class="category_wrap">
			<select name="v" onchange="submit();" class="cat_navigation">
				<option value="" class="notice">Return to full viewing</option>
				<option value="" selected="selected">View articles in the category ...</option>
				<optgroup label="Categories" selected="selected">
				'.$category_list.'
				</optgroup>
			</select>
		</form>
		<form action="manage.php?do=deleteitems" method="post" onsubmit="return confirm(\'Are you sure you want to delete the selected items?\');">
			<table style="text-align: left; width: 100%;" border="1"
			 cellpadding="3" cellspacing="2">
			  <tbody>
			    <tr class="toprow">
			      <td style="width: 200px; text-align: left;"><a href="?sort=article_title/'.$sort.'"><strong>Title</strong></a></td>
			      <td><a href="?sort=article_cat/'.$sort.'"><strong>Category</strong></a></td>
			      <td><a href="?sort=timestamp/'.$sort.'"><strong>Date</strong></a></td>
			      <td><a href="?sort=article_author/'.$sort.'"><strong>Author</strong></a></td>
			      <td style="width: 50px"><a href="?sort=active/'.$sort.'"><strong>Active</strong></a></td>
			      <td style="width: 10px; text-align: center;"><strong><input type="checkbox" onClick="Checkall(this.form);" /></strong></td>
			    </tr>
			    '.$table_rows.'
			  </tbody>
			</table>
			<div style="text-align: right; width: 400px; float: right;"><input type="submit" id="submit" value="Delete Selected" /></div>
		</form>
		<div><button class="previous" OnClick="window.location = \'?page='.$prev_page.''.$a_js.'\';">Previous ('.$prev_page.')</button> <button class="next" OnClick="window.location = \'?page='.$next_page.''.$a_js.'\';">Next ('.$next_page.')</button>
		</div>
		';
		
		return $form;
	}
	
	
	function new_item($data,$author) {
		//globalize timestamps
		global $unixtime;
		global $globalvars;
		$news_ip = $_SERVER['REMOTE_ADDR'];
		//form SQL query
		  $new_sql = 'INSERT INTO articles
                    (article_title,
                    article_subtitle,
                    article_author,
                    article_cat,
                    article_text,
                    article_exptext,
                    article_imgid,
                    allow_comments,
                    start_date,
                    end_date,
                    active,
                    approved,
                    timestamp,
                    ip)
              VALUES ("'.$data['article_title'].'",
                      "'.$data['article_subtitle'].'",
                      "'.$author.'",
                      "'.$data['article_cat'].'",
                      "'.$data['article_text'].'",
                      "'.$data['article_exptext'].'",
                      "'.$data['imgid'].'",
                      "'.$data['acchecked'].'",
                      "'.$unixtime['start']['unix'].'",
                      "'.$unixtime['end']['unix'].'",
                      "'.$data['achecked'].'",
                      "'.$data['approved'].'",
                      "'.$globalvars['time'].'",
                      "'.$news_ip.'");';
		$new_res = mysql_query($new_sql) or die(mysql_error());
	}
	
	function edit_item($data,$username) {
		//globalize timestamps
		global $unixtime;
		global $globalvars;
		//define some misc vars (timestamp, ip)

		$news_ip = $_SERVER['REMOTE_ADDR'];
		//form SQL query
				  $edit_sql = 'UPDATE articles SET
                    article_title="'.$data['article_title'].'",
                    article_subtitle="'.$data['article_subtitle'].'",
                    article_author="'.$username.'",
                    article_cat="'.$data['article_cat'].'",
                    article_text="'.$data['article_text'].'",
                    article_exptext="'.$data['article_exptext'].'",
                    article_imgid="imgid",
                    allow_comments="'.$data['acchecked'].'",
                    start_date="'.$unixtime['start']['unix'].'",
                    end_date="'.$unixtime['end']['unix'].'",
                    active="'.$data['achecked'].'",
                    ip="'.$news_ip.'"
                    WHERE id="'.$data['id'].'"';
                    $new_res = mysql_query($edit_sql) or die(mysql_error());
	}
	
	function approve($id) {
		//form SQL query
			$edit_sql = 'UPDATE articles SET
                    approved="1"
                    WHERE id="'.$id.'"';
                    $new_res = mysql_query($edit_sql) or die(mysql_error());
	}
	
	
	//generate category name from id
	function gen_cat_name($catid) {
		if ($catid != "all") {
			$catsql = "SELECT * FROM categories WHERE id='$catid' LIMIT 1";
			$catres = mysql_query($catsql);
			$catname = mysql_fetch_array($catres);
			return $catname['cat_name'];
		} else {
			return "<strong>All Categories</strong>";
		}
	}
	
	function clean_data($data) {
		if (is_array($data)) {
			foreach ($data as $key => $value) {
				if(ini_get('magic_quotes_gpc')) { $data[$key] = stripslashes($value); }
				$data[$key] = htmlspecialchars($value);
				}
		} else {
			if(ini_get('magic_quotes_gpc')) { $data = stripslashes($data); }
			$data = htmlspecialchars($data, ENT_QUOTES);
		}
		
		return $data;
	}
	
	function validate_date($data,$rawtype) {
		global $error_message;
		global $proceed;
			//determine type (start or end)
			if ($rawtype == "start") {
				$type = "start_date";
			} elseif ($rawtype == "end") {
				$type = "end_date";
			}
		if (eregi('^[0-9]{2}/[0-9]{2}/[0-9]{4}$',$data[$type])) { //if start date is formed correctly
					$unixtime['format'] = TRUE; //so the rest of the program knows it's a valid date
					$data[$type] = split("/",$data[$type]); //split mm/dd/yyyy
					if (!checkdate($data[$type][0],$data[$type][1],$data[$type][2])) { //if invalid
						$proceed = "no";
						$error_message = $error_message.'<li>The '.$rawtype.' date is not a valid date.</li>
						';
					} else {
						//check if date is too extreme (too far in future or past)
						if (mktime(0,0,0,$data[$type][0],$data[$type][1],$data[$type][2])) {
							$unixtime['valid'] = TRUE;
							$unixtime['unix'] = mktime(0,0,0,$data[$type][0],$data[$type][1],$data[$type][2]);
						} else { //if it is too extreme...
							$proceed = "no";
							$unixtime['unix'] = join("/",$data[$type]);
							$error_message = $error_message.'<li>The '.$rawtype.' date timestamp could not be created. It may be too far in the future...</li>
							';
						}
					}
				} else {
					$proceed = "no";
					$error_message = $error_message.'<li>The '.$rawtype.' date is not in a valid format. The correct format is: MM/DD/YYYY.</li>
					';
				}
		return $unixtime;
	}

	
/*
USER PAGE FUNCTIONS
The following functions are used for user operations
##############################################
##############################################
*/
	function fetch_ranks($view='option') {
		$ranksql = 'SELECT * FROM ranks';
		$rankres = mysql_query($ranksql) or die(mysql_error());
			while ($rr = mysql_fetch_assoc($rankres)) {
				$options .= '<option value="'.$rr['id'].'">'.$rr['rank_title'].'</option>
				';
			}
		return $options;
	}
	
	function user_form($data=NULL) {
		global $error_message;
		global $do;
			if ($do == "new" || $do == "newp") { //if this is a new process
				$u_action = 'newp';
			} elseif ($do == "edit" || $do == "editp") {
				$u_action = 'editp';
				$u_hiddenid = '<input type="hidden" name="id" value="'.$data['id'].'" />
				<input type="hidden" name="original_username" value="'.$data['user_name'].'" />';
			}
		//define form HTML display for new items.
		$form_display = '		
		<h3>New user</h3>
		<div class="form">
				'.$error_message.'
				<form id="userform" method="post" action="user.php?do='.$u_action.'">
				<div id="columnright">
				<h3>Rank</h3>
				<select name="rank" id="rank" class="highlight">
					'.fetch_ranks().'
				</select>
			</div>
					<label for="username_">Username</label><input type="text" id="username_" class="highlight" name="username_" value="'.$data['user_name'].'" /><br />
					<label for="fullname">Full name</label><input type="text" id="fullname" class="highlight" name="fullname" value="'.$data['full_name'].'" /><br />
					<label for="password_">Password</label><input type="password" id="password_" class="highlight" name="password_" /><br />(Leave blank if you don\'t want to change the password)<br />
					<label for="cpassword_">Confirm Pass</label><input type="password" id="cpassword_" class="highlight" name="cpassword_" /><br />(Leave blank if you don\'t want to change the password)<br />
					<label for="email">Email*</label><input type="text" id="email" name="email" value="'.$data['email'].'" /><br />
				
					<label for="msn">MSN*</label><input type="text" id="msn" name="msn" value="'.$data['msn'].'" /><br />
					<label for="aim">AIM*</label><input type="text" id="aim" name="aim" value="'.$data['aim'].'" /><br />
					<label for="yahoo">Yahoo*</label><input type="text" id="yahoo" name="yahoo" value="'.$data['yahoo'].'" /><br />
					<label for="skype">Skype*</label><input type="text" id="skype" name="skype" value="'.$data['skype'].'" /><br />
					'.$u_hiddenid.'
					<div class="alignr">
					<input type="submit" id="submit" value="Save user" />
					</div>
				</form>
			</div>
		</div>';
		
		return $form_display;
	}
	
	function new_user($data) {
		global $globalvars;
		$data['user_ip'] = $_SERVER['REMOTE_ADDR']; //ip
		//form SQL query
		  $new_sql = 'INSERT INTO users
                    (user_name,
                    full_name,
                    email,
                    password,
                    timestamp,
                    ip,
                    msn,
                    aim,
                    yahoo,
                    skype,
                    display_picture,
                    rank_id)
              VALUES ("'.$data['username_'].'",
                      "'.$data['fullname'].'",
                      "'.$data['email'].'",
                      "'.$data['password_'].'",
                      "'.$globalvars['time'].'",
                      "'.$data['user_ip'].'",
                      "'.$data['msn'].'",
                      "'.$data['aim'].'",
                      "'.$data['yahoo'].'",
                      "'.$data['skype'].'",
                      " ",
                      "'.$data['rank'].'");';
		$new_res = mysql_query($new_sql) or die(mysql_error());
	}
	
	function edit_user($data) {
		global $globalvars;
		
		$data['user_ip'] = $_SERVER['REMOTE_ADDR']; //ip

		if ($data['password_'] != NULL) {
			$data['password_'] = sha1($data['password_']);
			$password_p = 'password="'.$data['password_'].'",';
		}
		
		
		//form SQL query
		  $edit_sql = 'UPDATE users SET
                    user_name="'.$data['username_'].'",
                    full_name="'.$data['fullname'].'",
                    email="'.$data['email'].'",
                    '.$password_p.'
                    ip="'.$data['user_ip'].'",
                    msn="'.$data['msn'].'",
                    aim="'.$data['aim'].'",
                    yahoo="'.$data['yahoo'].'",
                    skype="'.$data['skype'].'",
                    display_picture="",
                    rank_id="'.$data['rank'].'"
              WHERE id="'.$data['id'].'"
              ';
		$edit_res = mysql_query($edit_sql) or die(mysql_error());
	}
	
	function gen_rank_name($rankid) {
			$rsql = "SELECT * FROM ranks WHERE id='$rankid' LIMIT 1";
			$rres = mysql_query($rsql);
			$rname = mysql_fetch_array($rres);
			return $rname['rank_title'];
	}
	
	function rank_form($data=NULL) { //form for new ranks and editing ranks, function so it can be reused with variables inside.
		global $do;
		global $error_message;
		if ($do == 'newrank' || $do == 'nrankp') {
			$action = 'nrankp';
		} elseif ($do == 'editrank' || $do == 'erankp') {
			$action = 'erankp';
			$hidden = '<input type="hidden" name="id" value="'.$data['id'].'" />';
		}

		
		//form
		$content = '
		'.$error_message.'
		<h3>Rank form</h3>
		<form action="user.php?do='.$action.'" method="post">
			<label for="rank_title">Rank title</label><input type="text" id="rank_title" name="rank_title" value="'.$data['rank_title'].'" /><br />
			<label for="rank_desc">Rank description</label><input type="text" id="rank_desc" name="rank_desc" value="'.$data['rank_desc'].'" /><br /><br />
			
			<div id="columnright">
				<br />
				<label for="createranks">Create ranks</label>
				<select name="createranks">
					<optgroup label="Selected:">
						<option selected="selected" value="'.$data['createranks'].'">'.$data['createranks'].'</option>
					</optgroup>
					<optgroup label="Choose an order:">
					<option value="allow">allow</option>
					<option value="disallow">disallow</option>
					</optgroup>
				</select>
				<br />
				
				<label for="manageranks">Manage ranks</label>
				<select name="manageranks">
					<optgroup label="Selected:">
				<option selected="selected" value="'.$data['manageranks'].'">'.$data['manageranks'].'</option>
					</optgroup>
					<optgroup label="Choose an order:">
					<option value="allow">allow</option>
					<option value="disallow">disallow</option>
					</optgroup>
				</select>
				<br />
				
				<label for="loginrecords">Login records</label>
				<select name="loginrecords">
					<optgroup label="Selected:">
						<option selected="selected" value="'.$data['loginrecords'].'">'.$data['loginrecords'].'</option>
					</optgroup>
					<optgroup label="Choose an order:">
					<option value="allow">allow</option>
					<option value="disallow">disallow</option>
					</optgroup>
				</select>
				<br />
				
				<label for="preferences">Preferences</label>
				<select name="preferences">
					<optgroup label="Selected:">
						<option selected="selected" value="'.$data['preferences'].'">'.$data['preferences'].'</option>
					</optgroup>
					<optgroup label="Choose an order:">
					<option value="allow">allow</option>
					<option value="disallow">disallow</option>
					</optgroup>
				</select>
				<br />
			</div>
			<label for="loggingin">Logging in</label>
			<select name="loggingin">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['loggingin'].'">'.$data['loggingin'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			
			<label for="createarticles">Create articles</label>
			<select name="createarticles">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['createarticles'].'">'.$data['label'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="allowapp">allow w/ approval</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			
			<label for="approve">approve articles</label>
			<select name="approve">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['approve'].'">'.$data['approve'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			
			<label for="editarticles">Edit articles</label>
			<select name="editarticles">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['editarticles'].'">'.$data['editarticles'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			
			<label for="deletearticles">delete articles</label>
			<select name="deletearticles">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['deletearticles'].'">'.$data['deletearticles'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			
			<label for="createusers">Create users</label>
			<select name="createusers">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['createusers'].'">'.$data['createusers'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			
			<label for="editusers">Edit users*</label>
			<select name="editusers">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['editusers'].'">'.$data['editusers'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			
			<label for="deleteusers">Delete users*</label>
			<select name="deleteusers">
				<optgroup label="Selected:">
					<option selected="selected" value="'.$data['deleteusers'].'">'.$data['deleteusers'].'</option>
				</optgroup>
				<optgroup label="Choose an order:">
				<option value="allow">allow</option>
				<option value="disallow">disallow</option>
				</optgroup>
			</select>
			<br />
			'.$hidden.'
			<div class="alignr">
				<input type="submit" id="submit" value="Save rank" />
			</div>
		</form>
			';
		return $content;
	}
	
	function new_rank($rank,$permissions_string,$author) {
		//creating a new rank
		global $globalvars;
		
		$sql = "INSERT INTO ranks
		(rank_title,
		rank_desc,
		rank_author,
		permissions,
		timestamp)
		VALUES (
		'".$rank['rank_title']."',
		'".$rank['rank_desc']."',
		'".$author."',
		'".$permissions_string."',
		'".$timestamp."')";
		
		$res = mysql_query($sql) or die(mysql_error());
		$success = mysql_affected_rows();  //count affected rows
		
		return $success;
	}
	
	function edit_rank($rank,$permissions_string,$id) {
		//edit rank sql
		
		$sql = "UPDATE ranks SET
		rank_title='".$rank['rank_title']."',
		rank_desc='".$rank['rank_desc']."',
		permissions='".$permissions_string."'
		WHERE id='".$id."'
		";
		$res = mysql_query($sql) or die(mysql_error());
		$success = mysql_affected_rows();  //count affected rows
		
		return $success;
	}
	
	function loginrec_form() {
		global $table_rows;
		global $prev_page;
		global $next_page;
		global $globalvars;
		global $search;
		global $do;
		global $error_message;
		global $sort;
		global $search;
		
		if (!$sort) {
			$sort = 'timestamp/desc';
		}
		
		if ($sort) {
			//decide what to inverse
			$sort = split("/",$sort);
			$sort[1] = ($sort[1] == "desc") ? 'asc' : 'desc';
			$sort = $sort[1];
		}
		
		$form = '
		'.$error_message.'
		<h3>Options</h3>
		<ul>
			<li><a href="?do=loginrec&action=delall" onClick="return confirm(\'Are you sure you want to delete the selected items?\');">delete all login records</a></li>
		</ul>
		<h3>Login records list</h3>
		<form action="manage.php?do=deleteitems" method="post" onsubmit="return confirm(\'Are you sure you want to delete the selected items?\');">
			<table style="text-align: left; width: 100%;" border="1"
			 cellpadding="3" cellspacing="2">
			  <tbody>
			    <tr class="toprow">
			      <td style="width: 200px; text-align: left;"><a href="?sort=article_title/'.$sort.'"><strong>Username</strong></a></td>
			      <td><a href="?sort=article_cat/'.$sort.'"><strong>Rank</strong></a></td>
			      <td><a href="?sort=timestamp/'.$sort.'"><strong>Date</strong></a></td>
			      <td><a href="?sort=article_author/'.$sort.'"><strong>IP Address</strong></a></td>
			      <td style="width: 10px; text-align: center;"><strong><input type="checkbox" onClick="Checkall(this.form);" /></strong></td>
			    </tr>
			    '.$table_rows.'
			  </tbody>
			</table>
			<div style="text-align: right; width: 400px; float: right;"><input type="submit" id="submit" value="Delete Selected" /></div>
		</form>
		<div><button class="previous" OnClick="window.location = \'?do=loginrec&page='.$prev_page.''.$s_js.'\';">Previous ('.$prev_page.')</button> <button class="next" OnClick="window.location = \'?do=loginrec&page='.$next_page.''.$s_js.'\';">Next ('.$next_page.')</button></div>
		';
		
		return $form;
	}
	


	
/*
PREFERENCES FUNCTIONS
The following functions are used on the preferences.php file.
##############################################
##############################################
*/

	function new_category($data,$author) {
			//if all is well...
				global $globalvars;

				$ip = $_SERVER['REMOTE_ADDR'];
				$cat_sql = "INSERT INTO categories (cat_name,cat_parent,cat_author,cat_desc,timestamp,ip) VALUES
				('".$data['name']."',
				'".$data['parent']."',
				'".$author."',
				'".$data['description']."',
				'".$globalvars['time']."',
				'".$ip."')";
				$cat_res = mysql_query($cat_sql) or die(mysql_error());
	}
	
	function template_form($data=NULL) {
		global $error_message;
		global $action;
		if ($action == 'edit' || $action == 'editp') {
			$action = 'editp';
			$hiddenid = '<input type="hidden" name="id" value="'.$data['id'].'" />';
		} else {
			$action = 'newp';
		}
			//clean data, html entities
			
	
		//form the... well... form. :)
		$new_form = '
			'.$error_message.'
			<h3>Template form</h3>
			<div class="form">
				<form action="preferences.php?do=templates&action='.$action.'" method="post" id="template">
					<label for="template_name">Template name</label><input type="text" id="template_name" name="template_name" value="'.$data['template_name'].'" /><br />
					<label for="template_desc">Temp. Description</label><input type="text" id="template_desc" name="template_desc" value="'.$data['template_desc'].'" /><br /><br />
					<label for="html_article">Main article <a href="javascript:togglewysiwyg(\'html_article\');">wysiwyg on/off</a><br /><a href="javascript:expandwysiwyg(\'html_article\');">expand editor</a></label><textarea name="html_article" class="code" id="html_article">'.$data['html_article'].'</textarea><br />
					<label for="html_comment">Comments <a href="javascript:togglewysiwyg(\'html_comment\');">wysiwyg on/off</a><br /><a href="javascript:expandwysiwyg(\'html_comment\');">expand editor</a>)</label><textarea name="html_comment" class="code" id="html_comment">'.$data['html_comment'].'</textarea><br />
					<label for="html_form">Comment Form <a href="javascript:togglewysiwyg(\'html_form\');">wysiwyg on/off</a><br /><a href="javascript:expandwysiwyg(\'html_form\');">expand editor</a></label><textarea class="code" name="html_form" id="html_form">'.$data['html_form'].'</textarea><br />
					'.$hiddenid.'
					* You can leave these fields empty, just for freedom\'s sake. We don\'t recommend it though.
					<div class="alignr"><input type="submit" name="submit" id="submit" value="Save template" /></div>
				</form>
			</div>
			';
		return $new_form;
	}
	
	function new_template($data,$author) {
		//creating a new template
		global $globalvars;
		
		$data = clean_data($data);
		
		$sql = "INSERT INTO templates 
		(template_name,
		template_desc,
		template_author,
		timestamp,
		html_article,
		html_comment,
		html_form)
		VALUES (
		'".$data['template_name']."',
		'".$data['template_desc']."',
		'".$author."',
		'".$globalvars['time']."',
		'".$data['html_article']."',
		'".$data['html_comment']."',
		'".$data['html_form']."')";
		
		$res = mysql_query($sql) or die(mysql_error());
		$success = mysql_affected_rows();  //count affected rows
		
		return $success;
	}
	
	function edit_template($data,$author) {
		//creating a new template
		
		$data = clean_data($data);
		
		$sql = "UPDATE templates SET
		template_name='".$data['template_name']."',
		template_desc='".$data['template_desc']."',
		html_article='".$data['html_article']."',
		html_comment='".$data['html_comment']."',
		html_form='".$data['html_form']."'
		WHERE
		id='".$data['id']."'";
		
		$res = mysql_query($sql) or die(mysql_error());
		$success = mysql_affected_rows();  //count affected rows
		
		return $success;
	}
	
	function switch_template($id) {
		$st_sql = "UPDATE templates SET template_selected=''";
		$st_res = mysql_query($st_sql) or die(mysql_error());
			if ($st_res) {
				$st_sql = "UPDATE templates SET template_selected='1' WHERE id=".$id."";
				$st_res = mysql_query($st_sql) or die(mysql_error());
				return TRUE;
			}
	}
	
	function ban($data,$by) {
		//creating a new template
		global $globalvars;
		
		$data = clean_data($data);
		
		$sql = "INSERT INTO banlist
		(ip,
		banned_by,
		reason,
		timestamp)
		VALUES (
		'".$data['ip']."',
		'".$by."',
		'".$data['reason']."',
		'".$globalvars['time']."')";
		
		$res = mysql_query($sql) or die(mysql_error());
		$success = mysql_affected_rows();  //count affected rows
		
		return $success;
	}


/*
ABOUT PAGE FUNCTIONS
The following functions are used on the about.php file. Version checking, rss...
##############################################
##############################################
*/
	function version_check($input) {  //version checking off phpns site
		global $globalvars;
		$version_info = 'Version installed: <strong>'.$globalvars['version'].'</strong><br />Latest version: <script type="text/javascript" src="http://phpns.com/version.php?v='.$globalvars['version'].'"></script><br /><br />';
		
		return $version_info;
	}

	function phpns_rss() {  //rss grabbing from phpns.com
		@set_time_limit(5);
		//variable for rss url, feel free to change it to any RSS page...
		$rss_url = "http://phpns.com/rss.php";
		if ($rss_load = $rss_load = @file_get_contents($rss_url)) { //load raw. 	
			$rss_xml = new SimpleXmlElement($rss_load);
			$start = 0;
			$list = "<ul>
			";
				
			foreach ($rss_xml->channel->item as $item) {
					$title = substr($item->title,0,30); 
					
					if ($start < 5) {
						$list = $list.
						'<li><a href="'.$item->link.'">'.$title.'...</a></li>';
					}
					++$start;
			}
			
			$list = $list.'
			</ul>';
			return $list;
		} else {
			return "We can't connect to the phpns server to fetch latest announcements.";
		}
	}
	

/*
MISC FUNCTIONS
Random functions that might aid for development/debugging
##############################################
##############################################
*/
	function array_dump($array) {
		$dump = "<div style=\"background: #eee; border: 1px dashed #333\">";
		foreach ($array as $key=>$value) {
			$dump = $dump."$key: $value<br />";
		}
		$dump = $dump."</div>";
		return $dump;
	}
		
?>
